Cisco Support Community
Community Member

Catalyst 6500 & IOS 12.1(8b)E6 IP MLS is NOT enabled globally.

Our customer's 6509 complete with dual MSFC2s (WS-X6K-SUP2-2GE) plus PFC2s (WS-F6K-PFC2) do not appear to be destination flowing but rather flooding to all ports.

Only by adding mls rp ip to an interface did the MSFC suddenly append the following output to a sho mls rp:

number of domains configured for mls 1

vlan domain name: -null-

current ip flow mask: destination

ip current/next global purge: false/false

ip current/next purge count: 0/0

current ipx flow mask: destination

ipx current/next global purge: false/false

ipx current/next purge count: 0/0

current sequence number: 1832766134

current/maximum retry count: 0/10

current domain state: no-change

domain uptime: 01:12:21

keepalive timer expires in 0 seconds

retry timer not running

change timer not running

fcp subblock count = 1

0 management interface(s) currently defined:

1 mac-vlan(s) configured for multi-layer switching

1 mac-vlan(s) enabled for ip multi-layer switching:

mac 00d0.054a.47fc

vlan id(s)


0 mac-vlan(s) enabled for ipx multi-layer switching:

router currently aware of following 0 switch(es):

no switch id's currently exists in domain

I'm aware that the appropriate VTP domain will have to be configured per interface, but according to Kennedy Clark this is optional. A management interface will also be required.

If mls is globally activated then why must it be activated on the interface and be subsequently dependant upon VTP. I can appreciate the latter, but it's not well documented.

I cannot believe that these caveats have not already been uncovered by others, but I would like to CCO pointers to the appropriate configuration steps. Another customer running IOS 12.1(8b)E9 appears to mave a multi-tude of flows.

The very same msfc "show mls rp" also indicates that I'm using destination flow - despite the presence of extended access lists on the very same blade. Do I have to coerce the switch with an mls flow command to increase grannularity.

CCO states that "show ip [interface]" displays IP mls details. Am I missing something in the following output:

CHEL_003MSFC#sho ip int vlan 458

Vlan458 is up, line protocol is up

Internet address is

Broadcast address is

Address determined by non-volatile memory

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Multicast reserved groups joined:

Outgoing access list is not set

Inbound access list is not set

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP CEF switching is enabled

IP Feature Fast switching turbo vector

IP Feature CEF switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Probe proxy name replies are disabled

Policy routing is disabled

Network address translation is disabled

WCCP Redirect outbound is disabled

WCCP Redirect exclude is disabled

BGP Policy Mapping is disabled

IP multicast multilayer switching is disabled

Advice an quidance would be greatly appreciated.

Cisco Employee

Re: Catalyst 6500 & IOS 12.1(8b)E6 IP MLS is NOT enabled globall

Did you configure the MSFC to act as an MLS-RP for an external switch? Do

you have a CAT5500 with an NFFC as an MLS-SE

The "show mls rp" command on the MSFC only displays information pertaining to EXTERNAL MLS, ie, using the MSFC as an external MLS-RP for a Catalyst 5000 w/NFFC or NFFC II running as an MLS-SE. In that case, all MLS

config on the MSFC is in relation to the external Cat5000, and will reflect the status and configuration of that MLS implementation. This is discussed in the

following page on CCO

MLS on the Catalyst 6000 is internal and is enabled by default. The "show mls rp" command on the MSFC displays "NO" information pertaining to this internal MLS. To view the internal MLS status, enter the hidden command "show mls status" on the MSFC.

You can also type the following command on the switch side(NMP) for checking MLS operation.

sh mls ip

sh mls ipx

sh mls entry

Community Member

Re: Catalyst 6500 & IOS 12.1(8b)E6 IP MLS is NOT enabled globall

The MSFC contains the following global command: mls rp ip.

To help; here's the switch module configuration:

CHEL_002CAT6> (enable) sho ver

WS-C6509 Software, Version NmpSW: 6.3(3)

Copyright (c) 1995-2001 by Cisco Systems

NMP S/W compiled on Oct 29 2001, 15:42:29

System Bootstrap Version: 6.1(4)

System Web Interface Version: Engine Version: 5.3 ADP Device: Cat6000 ADP Versio

n: 1.6 ADK: 40

Hardware Version: 2.0 Model: WS-C6509 Serial #: SCA054100DB

PS1 Module: WS-CAC-1300W Serial #: SON04442861

PS2 Module: WS-CAC-1300W Serial #: SNI05360100

Mod Port Model Serial # Versions

--- ---- ------------------- ----------- --------------------------------------

1 2 WS-X6K-SUP2-2GE SAD05380B7F Hw : 3.2

Fw : 6.1(4)

Fw1: 6.1(3)

Sw : 6.3(3)

Sw1: 6.3(3)

WS-F6K-PFC2 SAD053805G1 Hw : 2.0

2 2 WS-X6K-SUP2-2GE SAD054002SA Hw : 3.2

Fw : 6.1(4)

Fw1: 6.1(3)

Sw : 6.3(3)

Sw1: 6.3(3)

WS-F6K-PFC2 SAD054002CM Hw : 2.0

3 48 WS-X6348-RJ-45 SAD04300U9V Hw : 2.1

Fw : 5.4(2)

Sw : 6.3(3)

4 48 WS-X6348-RJ-45 SAL05031KA6 Hw : 1.4

Fw : 5.4(2)

Sw : 6.3(3)

5 48 WS-X6348-RJ-45 SAL06152F9Q Hw : 6.1

Fw : 5.4(2)

Sw : 6.3(3)

6 48 WS-X6548-RJ-45 SAD061500PV Hw : 4.2

Fw : 6.3(1)

Sw : 6.3(3)

9 0 WS-X6182-2PA SAD0437038F Hw : 1.3

Fw : 12.1(8b)E6

Sw : 12.1(8b)E6

15 1 WS-F6K-MSFC2 SAD053808VF Hw : 1.2

Fw : 12.1(8b)E6

Sw : 12.1(8b)E6

16 1 WS-F6K-MSFC2 SAD0540007J Hw : 1.2

Fw : 12.1(8b)E6

Sw : 12.1(8b)E6


Module Total Used Free Total Used Free Total Used Free

------ ------- ------- ------- ------- ------- ------- ----- ----- -----

1 130944K 66505K 64439K 32768K 11063K 21705K 512K 343K 169K

Uptime is 197 days, 1 hour, 52 minutes

The show mls status yields less information that a show mls rp.

The show mls is unsupported on our IOS. Everything is revealed at the bottom of a sh mls entry.

CreatePlease to create content